Author Topic: WhitelistCloud 1.00 beta  (Read 1635 times)

Offline Triple Helix

  • Administrator
  • Sr. Member
  • *****
  • Posts: 430
  • Truth is more of a stranger than fiction.
    • View Profile
Re: WhitelistCloud 1.00 beta
« Reply #105 on: August 14, 2019, 11:51:00 pm »
I wonder why this showed up now? I also like when you click on the file path it opens it's location! I manually Whitelisted it.

Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro & WhitelistCloud
Alienware 17R5 Laptop with the new i9-8950HK Processor, 32GB of RAM and 2 Samsung NVMe 960 Pro's.

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #106 on: August 15, 2019, 12:54:53 am »
Sorry about that Telos!  Can you check in Windows Defender Firewall to see if WLC created a firewall rule for the AirVPN's "Eddie" client?  Or you can start WLC and click the "Clear Firewall Rules" on the Settings tab.  WLC should remove the rule once the AirVPN's "Eddie" client is considered safe, either automatically or by the user clicking "Whitelist Item".

This is the only thing I can think of... please let me know how it goes.
I'm at a loss understanding how WLC interacts with Windows Defender Firewall (WGF). You mention "Clear Firewall Rules"... but I have quite a few rules in WDF and I'm not keen on seeing those wiped... or is there another set that is involved when WLC is running.

How would I check if WLC created a rule? I don't see a field that describes the source of a firewall rule apart from the restricted ones which are owned by Win 10.

Re: "Eddie" here are the primary executables...



Of those, I only see openvpn.exe among my WDF entries... AirVPN get daily use, so re-imaging to have VPN access is not something I choose to do frequently.
All WC rules that are added to WDF are named like this... "WhitelistCloud - (process path of the item)", so they all start with "WhitelistCloud", and the icon is a red "Do Not" icon that sticks out like sore thumb.  If you click the "Clear Firewall Rules" button, it should only remove the rules that have been created by WC.  And really, the only thing that WC does to interact with WDF is to create and remove its own rules, which name always start with "WhitelistCloud".

In WC, you can click the "Windows Firewall" button and it will take you to exactly where you need to be to look for any Inbound and Outbound rules that WC might have created.  I hope this helps, but if not, just let me know!

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #107 on: August 15, 2019, 12:56:53 am »
used WC v1.00 to install v1.01.  seems aok.
average cpu on WC 0.01%  & WCserv 0.92% (during a scan) otherwise usage falls back to 0.00% here. 
I see the cpu thread usage varies from 13 to 17. 
fwiw, I like interface without the minimize button.
I do have whitelist double entry for google software_reporter_tool but different file sizes so I assume google (chrome) dropped in an update. I have mixed feelings about not getting any notice of that.  I'll dig a little deeper.
Hey, the dupe is probably just a different version of file.

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #108 on: August 15, 2019, 12:57:29 am »
Installed 101 on both W10 machines. One took 6min/15secs for initial scan and the older machine took 4min/10 secs for the initial scan.
Nothing unexpected.
Thanks Dan. :)
Very cool, thank you for letting me know!

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #109 on: August 15, 2019, 12:58:19 am »
This is my W10 now.
2 to about 3% is about the norm though.
Cool, thank you Jasper, please try 1.01, hopefully it will be 0 ;).
Yes it is 0 now.
The GUI was there last night but is not there now. It could be something with this system but if it is there later on I will let you know.
I have just done a reinstall to see if that helps at this end.
Very cool about the cpu utilization!  The fix was to limit the process creation mechanism in the service to just the PID and the Process Path, instead of the entire process.  I would have done it that way from the beginning, but both of my machines that I had WC installed on essentially had 0 cpu utilization the entire time, so I just left it as it was, just in case we needed some of the other process info for something else later on.

That is very odd about the GUI.  So that we are on the same page, what happens when you double click the WC tray icon?  Thank you!

Sorted I hope and it is possible it was down to me. I have my Taskbar always on top and it could have been hiding behind that. When I looked tonight as soon as I switched the laptop on it was coloured red as a tray icon - a false positive.
I will let you know though if the problem does come back.
Sounds great... please let me know if it acts up again!

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #110 on: August 15, 2019, 01:02:20 am »
I wonder why this showed up now? I also like when you click on the file path it opens it's location! I manually Whitelisted it.
Very cool, thank you, yeah, that is one of the many Easter eggs.  If you want yet another lifetime license, I would be happy to give you one ;).

BTW, older versions of VS might block that call... but it is permanently fixed in VS 5.02, which I will be releasing as soon as Alex finishes something up on the web server.

Once I figure out that one Windows Files and Apps method, files like these will be a non-issue.


Offline Tarnak

  • Most Valuable Member
  • Jr. Member
  • *
  • Posts: 63
    • View Profile
Re: WhitelistCloud 1.00 beta
« Reply #111 on: August 15, 2019, 01:46:06 am »
I wonder why this showed up now? I also like when you click on the file path it opens it's location! I manually Whitelisted it.

I decided to do a WC custom scan on that location, and it came up safe. However, different file size.  But, that would probably because I am still running an earlier build, i.e Windows Pro 1803.   ;)




Offline Triple Helix

  • Administrator
  • Sr. Member
  • *****
  • Posts: 430
  • Truth is more of a stranger than fiction.
    • View Profile
Re: WhitelistCloud 1.00 beta
« Reply #112 on: August 15, 2019, 04:34:42 pm »
I wonder why this showed up now? I also like when you click on the file path it opens it's location! I manually Whitelisted it.
Very cool, thank you, yeah, that is one of the many Easter eggs.  If you want yet another lifetime license, I would be happy to give you one ;).

BTW, older versions of VS might block that call... but it is permanently fixed in VS 5.02, which I will be releasing as soon as Alex finishes something up on the web server.

Once I figure out that one Windows Files and Apps method, files like these will be a non-issue.

Yes I would and I like it!  8)
Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro & WhitelistCloud
Alienware 17R5 Laptop with the new i9-8950HK Processor, 32GB of RAM and 2 Samsung NVMe 960 Pro's.

Offline Triple Helix

  • Administrator
  • Sr. Member
  • *****
  • Posts: 430
  • Truth is more of a stranger than fiction.
    • View Profile
Re: WhitelistCloud 1.00 beta
« Reply #113 on: August 15, 2019, 05:31:16 pm »
Another nice feature is you can click on any Whitelistred File and it will show you details! Again if you click on the File Path it will open it's location. Another nice feature you can click on the File Hash to copy to Clipboard and then enter into VT if you like. https://www.virustotal.com/gui/file/dc788dee643f430e19bd67042274d5ae2e5a9213b9900282fac6995fbb4d4ebf/detection

Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro & WhitelistCloud
Alienware 17R5 Laptop with the new i9-8950HK Processor, 32GB of RAM and 2 Samsung NVMe 960 Pro's.

Offline Jasper The Rasper

  • Administrator
  • Full Member
  • *****
  • Posts: 192
    • View Profile
Re: WhitelistCloud 1.00 beta
« Reply #114 on: August 15, 2019, 08:13:19 pm »
Another nice feature is you can click on any Whitelistred File and it will show you details! Again if you click on the File Path it will open it's location. Another nice feature you can click on the File Hash to copy to Clipboard and then enter into VT if you like. https://www.virustotal.com/gui/file/dc788dee643f430e19bd67042274d5ae2e5a9213b9900282fac6995fbb4d4ebf/detection

I noticed at the weekend that the hash could be copied to the clipboard, a little extra that is very useful.

Offline Askmark

  • Youngling
  • *
  • Posts: 6
    • View Profile
Re: WhitelistCloud 1.00 beta
« Reply #115 on: August 15, 2019, 11:07:59 pm »
Hi Dan,

I have to say I'm really impressed with the beta of WhiteCloud. Working perfectly on my Windows 8.1 and Windows 10 machines. Stable as a rock so far and cpu utilization negligible, even on my 10 year old Core2-Duo PC!

The interface design is really clean, crisp and uncluttered. I like that instead of having a separate update button, you can just click on the version number and it tells you if it's current or not. I also like that you can invoke the scanning of files in multiple ways: dragging a file from Explorer to the main gui (no matter what tab you're on: Status;Scan;Whitelist or Settings 8)), clicking on the upload icon (allowing you to scan multiple files in one go) or from the context menu in Explorer.

The integration with Window's Firewall is a stroke of genius; such a simple idea but so effective. It will prove especially useful on a corporate network to help prevent the spread of malware to other devices on a LAN.

Keep up the great work :)

Mark

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #116 on: August 16, 2019, 06:24:13 am »
I wonder why this showed up now? I also like when you click on the file path it opens it's location! I manually Whitelisted it.

I decided to do a WC custom scan on that location, and it came up safe. However, different file size.  But, that would probably because I am still running an earlier build, i.e Windows Pro 1803.   ;)
It's hard to say for sure... but please keep in mind that the file size in WC is rounded to the nearest hundredth, and it probably will not match the windows explorer details view file size perfectly.  Either way, I think the Windows Files / Apps code is finished, I will double check everything in the morning before I release it, but I think it is going to work out really, really well.  Basically, there should be essentially zero false detections for all Windows files, and very few or none for Windows Apps (C:\program files\windowsapps).  But please keep in mind that WC is just over a month old total, so we might have to fix a bug or two... but either way, I think we are very, very close to having a "final" product.  Thank you!

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #117 on: August 16, 2019, 06:27:11 am »
Another nice feature is you can click on any Whitelistred File and it will show you details! Again if you click on the File Path it will open it's location. Another nice feature you can click on the File Hash to copy to Clipboard and then enter into VT if you like. https://www.virustotal.com/gui/file/dc788dee643f430e19bd67042274d5ae2e5a9213b9900282fac6995fbb4d4ebf/detection

I noticed at the weekend that the hash could be copied to the clipboard, a little extra that is very useful.
Thank you TH and Jasper!  At some point I will try to get approval from VT to see if they will let us automatically link the hash to their site and lookup the file by hash.  It will be very, very simple to do... it is pretty much already done ;).

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #118 on: August 16, 2019, 06:28:42 am »
Hi Dan,

I have to say I'm really impressed with the beta of WhiteCloud. Working perfectly on my Windows 8.1 and Windows 10 machines. Stable as a rock so far and cpu utilization negligible, even on my 10 year old Core2-Duo PC!

The interface design is really clean, crisp and uncluttered. I like that instead of having a separate update button, you can just click on the version number and it tells you if it's current or not. I also like that you can invoke the scanning of files in multiple ways: dragging a file from Explorer to the main gui (no matter what tab you're on: Status;Scan;Whitelist or Settings 8)), clicking on the upload icon (allowing you to scan multiple files in one go) or from the context menu in Explorer.

The integration with Window's Firewall is a stroke of genius; such a simple idea but so effective. It will prove especially useful on a corporate network to help prevent the spread of malware to other devices on a LAN.

Keep up the great work :)

Mark
Hey Mark, how are you?  Thank you, I certainly appreciate that!  Yeah, I am pretty excited about WC and I think there are some really cool things we can do with it.  But obviously we want to keep it lean, mean and clean ;).

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Hero Member
  • *
  • Posts: 569
    • View Profile
    • VoodooShield
Re: WhitelistCloud 1.00 beta
« Reply #119 on: August 16, 2019, 02:43:28 pm »
Hey Guys, so here is WC 1.02...

https://www.whitelistcloud.com/Download/InstallWhitelistCloud.exe
SHA-256: 2abc9f92934361c8d8c486b7f57ecf42df500de9bef7632e0d14728f3a56f30b

The bugs that you guys have mentioned should all be fixed, but if something is not quite right, please let me know.

All of the Windows Files and Windows Store Apps should be just right now, but if there are any "false positives" please let me know.  Windows files use a special digital signature, that to my knowledge pretty much cannot be faked, since the hashes are stored in the security catalogs.  This not only makes verifying Windows files more efficient, but it also makes it more secure.

I also added a prompt on first run to ask the user if they are using a third party firewall, and automatically set WC to not use the Windows Defender Firewall and to not prompt the user while using a third party firewall.  Thank you gorblimey for the suggestion!

Have a great weekend!  Hopefully Alex and I will finish up VS 5.02 this weekend and we will be good to go.